PT-2020-21285 · Node · Sequelize

Published 2020-09-03 · Updated 2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

sequelize versions prior to 4.44.4

Description

The issue affects the SQLite dialect, which fails to catch a TypeError exception for the results variable. If the results value is undefined, it may trigger an error on a .map call, potentially allowing attackers to submit malicious input that forces the exception and crashes the Node process.

Recommendations

For versions prior to 4.44.4, upgrade to version 4.44.4 or later.

Weakness Enumeration

Related Identifiers

GHSA-FW4P-36J9-RRJ3

Affected Products

Sequelize